Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="4897">
  <issue id="971611" tracker="bnc">VUL-0: CVE-2016-3185: php5: Type confusion vulnerability in make_http_soap_request()</issue>
  <issue id="971612" tracker="bnc">VUL-0: CVE-2014-9767: php5: ZipArchive::extractTo allows for directory traversal when creating directories</issue>
  <issue id="969821" tracker="bnc">L3-Question: VUL-1: CVE-2016-3141: php5: PHP Bugfix (71587) - Use-After-Free / Double-Free in WDDX Deserialize</issue>
  <issue id="971912" tracker="bnc">VUL-0:  CVE-2016-3142: php5: Out-of-bounds read in phar_parse_zipfile()</issue>
  <issue id="973351" tracker="bnc">VUL-0: CVE-2015-8835: php5,php53: SoapClient s __call   method suffers from type confusion issue</issue>
  <issue id="973792" tracker="bnc">VUL-0: CVE-2015-8838: php5,php53: mysqlnd is vulnerable to BACKRONYM</issue>
  <issue id="974305" tracker="bnc">VUL-1: php5: Buffer over-write in finfo_open with malformed magic file.</issue>
  <issue id="CVE-2015-8838" tracker="cve" />
  <issue id="CVE-2015-8835" tracker="cve" />
  <issue id="CVE-2014-9767" tracker="cve" />
  <issue id="CVE-2016-3185" tracker="cve" />
  <issue id="CVE-2016-3142" tracker="cve" />
  <issue id="CVE-2016-3141" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>
This update for php5 fixes the following security issues:

- bsc#974305: buffer overflow in libmagic 
- CVE-2015-8838: mysqlnd was vulnerable to BACKRONYM (bnc#973792).
- CVE-2015-8835: SoapClient s__call method suffered from type confusion issue (bnc#973351).
- CVE-2016-3141: A use-after-free / double-free in the WDDX
  deserialization could lead to crashes or potential code
  execution. [bsc#969821]
- CVE-2016-3142: An Out-of-bounds read in phar_parse_zipfile() could lead to crashes. [bsc#971912]
- CVE-2014-9767: A directory traversal when extracting zip files was fixed that could lead to
  overwritten files. [bsc#971612]
- CVE-2016-3185: A type confusion vulnerability in
  make_http_soap_request() could lead to crashes or potentially code
  execution. [bsc#971611]
</description>
  <summary>Security update for php5</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places